Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
APACHE-2.0 License
Bot releases are visible (Hide)
Published by github-actions[bot] 10 months ago
This edge release includes fixes and improvements to the destination
controller's endpoint resolution API.
Published by github-actions[bot] 10 months ago
This edge release contains improvements to the logging and diagnostics of the
destination controller.
Published by github-actions[bot] 10 months ago
This stable release fixes two bugs in the Linkerd control plane.
Published by github-actions[bot] 10 months ago
This edge release includes a restructuring of the proxy's balancer along with
accompanying new metrics. The new minimum supported Kubernetes version is 1.22.
Published by github-actions[bot] 11 months ago
This stable release back-ports bugfixes and improvements from recent edge
releases.
imagePullSecrets
configuration tokubeAPI.clientBurst
and kubeAPI.clientQPS
configurations that allowPublished by github-actions[bot] 11 months ago
This edge release introduces new configuration values in the identity
controller for client-go's QPS
and Burst
settings. Default values for these
settings have also been raised from 5
(QPS) and 10
(Burst) to 100
and
200
respectively.
namespaceSelector
fields for the tap-injector and jaeger-injectorkube-system
by defaultQPS
and Burst
settings in thePodDisruptionBudgets
in the linkerd-viz Helm chart for tap andPublished by github-actions[bot] 11 months ago
This stable release fixes a proxy regression where bursts of TCP connections
could result in EOF errors, due to an incorrect queue capacity. In addition, it
includes fixes for the control plane, dependency upgrades, and support for image
digests in Linkerd manifests.
linkerd-control-plane
Helm chartchecksum/config
annotation to the destination and proxy injectorDEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY
to prevent EOF errorsPublished by github-actions[bot] 11 months ago
This edge release introduces support for the native sidecar containers entering
beta support in Kubernetes 1.29. This improves the startup and shutdown ordering
for the proxy relative to other containers, fixing the long-standing
shutdown issue with injected Job
s. Furthermore, traffic from other
initContainer
s can now be proxied by Linkerd.
In addition, this edge release includes Helm chart improvements, and improvements
to the multicluster extension.
config.alpha.linkerd.io/proxy-enable-native-sidecar
annotationProxy.NativeSidecar
Helm option that causes the proxy container to runservice-mirror
when runninglinkerd check
that ensures all extension namespaces arelinkerd-viz
extension tonodeAffinity
to deployment
templates in the linkerd-viz
andlinkerd-jaeger
Helm charts (thanks @naing2victor!) (#11464; fixesPublished by github-actions[bot] 11 months ago
This edge release fixes a bug where Linkerd could cause EOF errors during bursts
of TCP connections.
linkerd multicluster link
command's--gateway-addresses
flag was not respected when a remote gateway existsPublished by github-actions[bot] 11 months ago
This stable release improves observability for the control plane by adding
additional logging to the destination controller and by adding histograms which
can detect Kubernetes informer lag. It also adds the ability to configure
protocol detection.
Published by github-actions[bot] 12 months ago
This edge release contains observability improvements and bug fixes to the
Destination controller, and a refinement to the multicluster gateway resolution
logic.
Published by github-actions[bot] 12 months ago
This stable release fixes an issue in the Destination controller that was
forbidding to route traffic to opaque ports on unmeshed pods. Also, it increases
the log level from debug to warning when the outbound proxy faces this type of
events.
Published by github-actions[bot] 12 months ago
This edge release fixes two bugs in the Destination controller that could cause
outbound connections to hang indefinitely.
Published by github-actions[bot] 12 months ago
This edge release includes a fix for the ServiceProfile
CRD resource schema.
The schema incorrectly required not
response matches to be arrays, while the
in-cluster validator parsed not
response matches as objects. In addition, an
issues has been fixed in linkerd profile
. When used with the --open-api
flag, it would not strip trailing slashes when generating a resource from
swagger specifications.
ServiceProfile
resources through linkerd profile --open-api
(#11519)ServiceProfile
CRD schema. The schema incorrectlynot
response match should be an array, which the servicenot
values should be an object (#11510;Job
informer. The destination controller uses the metadata APIJob
metadata, and relies mostly on informers. Without anPublished by github-actions[bot] 12 months ago
This stable release fixes issues in the proxy and Destination controller which
can result in Linkerd proxies sending traffic to stale endpoints. In addition,
it contains a bug fix for profile resolutions for pods bound on host ports and
includes patches for security advisory CVE-2023-44487/GHSA-qppj-fm5r-hxr3
Control Plane
Proxy
grpc_status
metric labels asPublished by github-actions[bot] about 1 year ago
This edge release fixes issues in the proxy and Destination controller which can
result in Linkerd proxies sending traffic to stale endpoints. In addition, it
contains other bugfixes and updates dependencies to include patches for the
security advisories CVE-2023-44487/GHSA-qppj-fm5r-hxr3 and GHSA-c827-hfw6-qwvm.
INFO
-level logging to the proxy when endpoints are added or removedwarn,linkerd=info,linkerd_proxy_balance=warn
or similargrpc_status
metric labels as alinkerd-jaeger
's imagePullSecrets
Helm value to also apply tonamespace-metadata
ServiceAccount (#11504)golang.google.org/grpc
Gorustix
to include patches for GHSA-c827-hfw6-qwvmPublished by github-actions[bot] about 1 year ago
This edge release includes a fix addressing an issue during upgrades for
instances not relying on automated webhook certificate management (like
cert-manager provides).
Published by github-actions[bot] about 1 year ago
This edge release adds additional configurability to Linkerd's viz and
multicluster extensions.
Published by github-actions[bot] about 1 year ago
This edge release makes Linkerd even better.
linkerd-control-plane
Helm chartlinkerd viz check
to attempt to validate that the Prometheus scrapemulticluster check --timeout
flag to limit the timePublished by github-actions[bot] about 1 year ago
This stable release backports two fixes that address security
vulnerabilities. The proxy's dependency on the webpki library has been updated
to patch RUSTSEC-2023-0052, a potential CPU usage denial-of-service attack
when accepting a TLS handshake from an untrusted peer. In addition, the CNI and
proxy-init images have been updated to patch CVE-2023-2603 surfaced in the
runtime image's libcap
library. Finally, the release contains a backported fix
for service discovery on endpoints that use hostPorts which could potentially
disrupt connections on pod restarts.
Control Plane
Proxy
CNI